Server security is the most important thing in protecting your server from attackers. A bad security setting exposes your server to a serious threat. Remember: once your server is online, it will face thousands of malicious programs and malware ready to harm it. Security is a must-have for your server, and the basics can be done by securing your SSH access.
SSH (Secure Shell) has become the most widespread remote login protocol for Linux servers, with some estimates saying that there were at least 2 million SSH users at the end of 2000.
The following steps show how to secure your SSH.
Open the sshd configuration file in your favorite text editor; this example uses nano. At the command prompt, type:
nano /etc/ssh/sshd_config
Change the default SSH port. Scroll down to the section of the file that looks like this:
#Port 22
Uncomment it and change it to look like this:
Port 2222
Note: choose your own 4- to 5-digit port number (49151 is the highest port number), use only a closed/unused port, and do not use 2222 lol
Next, uncomment and change this parameter:
#Protocol 2, 1
so that it looks like this:
Protocol 2
If you have more than one IP address, you can bind sshd to a single IP address that is different from the server's main IP address. In your text editor, find the line that looks like this:
#ListenAddress 0.0.0.0
Uncomment it and change the value 0.0.0.0 to your server's additional IP address, for example:
ListenAddress 127.0.1.1
If you would like to disable direct root login, scroll down until you find this parameter:
#PermitRootLogin yes
Uncomment it and change it to
PermitRootLogin no
Note: When you disable root login, you will be unable to SSH directly into your server as root. The safest and stupid way to keep access to the server as root is to create another user account with normal privileges (call it a phantom user).
First, add a new user:
useradd -m -d /home/USERNAME USERNAME
passwd USERNAME
Then use the su or sudo command when you need root access to your server. For example:
su root
Save your changes. In the nano editor, press Ctrl+O on your keyboard, and then exit by pressing Ctrl+X.
Now restart sshd. At the command prompt, type:
/etc/rc.d/init.d/sshd restart
or
service sshd restart
After sshd has restarted successfully, log out of your current SSH session, and then log in again using the newly bound IP address with the phantom user.
The next, additional step is to disable telnet. SSH into your server and log in as root.
Use your favorite text editor to open the /etc/xinetd.d/telnet file. Change this parameter:
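A check for the edited file that can be run before the restart step above. This is an added example, not part of the original page: the function names audit_sshd_config and sshd_value are hypothetical, the sample file is constructed, and unset keywords are assumed to fall back to the commented defaults shown in the steps above.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config-style file
# for the settings changed in the steps above. Function names are hypothetical.

# Print the first active value of keyword $2 in file $1. Commented lines are
# ignored; sshd keeps the first value it reads for a keyword.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print one FAIL/WARN line per finding; return 1 if any FAIL was printed.
audit_sshd_config() {
    cfg=$1
    rc=0
    # Assumption: an unset keyword means the commented default shown above.
    port=$(sshd_value "$cfg" Port);             port=${port:-22}
    proto=$(sshd_value "$cfg" Protocol);        proto=${proto:-"2, 1"}
    root=$(sshd_value "$cfg" PermitRootLogin);  root=${root:-yes}
    listen=$(sshd_value "$cfg" ListenAddress);  listen=${listen:-0.0.0.0}

    case $port in
        22|2222) echo "FAIL Port $port: default port or the example port from this page"; rc=1 ;;
    esac
    [ "$proto" = "2" ] || { echo "FAIL Protocol $proto: SSH protocol 1 still allowed"; rc=1; }
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin $root: direct root login possible"; rc=1; }
    [ "$listen" != "0.0.0.0" ] || echo "WARN ListenAddress 0.0.0.0: sshd listens on every address"
    return "$rc"
}

# Constructed sample: the stock file before any of the edits above.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#Protocol 2, 1' '#ListenAddress 0.0.0.0' \
    '#PermitRootLogin yes' > "$sample"
audit_sshd_config "$sample" || echo "sshd_config still needs the changes above"
rm -f "$sample"
```

Run it against the real file with audit_sshd_config /etc/ssh/sshd_config; sshd -t separately checks that the file's syntax is valid.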
disable = no
to
disable = yes
Exit the text editor, then restart the xinetd service:
/etc/init.d/xinetd restart
or
service xinetd restart
Source: WebHostingTalk